<?php
	require_once("functions.php");
	require_once("Connections/cnn.php");
	session_start();
	
	$sCurPass = addslashes(md5($_REQUEST['curPass']));
	$sID = $_SESSION['memberID'];
	
	$query = @mysql_query("SELECT Password FROM Members WHERE Password='{$sCurPass}'");
	$rs = @mysql_fetch_assoc($query);
	
	$oldpass = $rs['Password'];
	
	if (@mysql_num_rows($query) <= 0) {
        $errorMsg = "Your current password was wrong";
		Redirect('changePass.php?errorMsg=' ."$errorMsg".'');
    }
	else
	{
		$sNewPass = addslashes(md5($_REQUEST['newPass']));
		$sConNewPass = addslashes(md5($_REQUEST['connewPass']));
		if($sNewPass == $sConNewPass)
		{
			if($oldpass == $sNewPass)
			{
				$errorMsg = "Your new password looks like old one, try again";
				Redirect('changePass.php?errorMsg=' ."$errorMsg".'');
			}
			else
			{
				$sql = "UPDATE Members SET Password = '{$sNewPass}' WHERE ID = '{$sID}' ";
				$changepass = @mysql_query("$sql");
				if($changepass)
				{
					$errorMsg = "You have changed password"; 
					Redirect('changePass.php?errorMsg='."$errorMsg".'');
				}
				else
				{
					$errorMsg = "It has some problem to change your password, try again";
					Redirect('changePass.php?errorMsg=' ."$errorMsg".'');
				}
			}
		}
		else
		{
			$errorMsg = "Your confirm password was not matched";
			Redirect('changePass.php?errorMsg=' ."$errorMsg".'');
		}
	}
	
/*	//Debugging
	echo "$errorMsg<br />";
	 echo "$sID<br />";
	 echo "$sCurPass<br />";
	 echo "$sNewPass<br />";
	 echo "$sConNewPass<br />";
	 echo "$changepass<br />";
	 echo "$sql<br />";*/
?>












